From patchwork Sat Apr 5 09:42:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?5p2O5a2Q5aWl?= <23110240084@m.fudan.edu.cn> X-Patchwork-Id: 14039100 X-Patchwork-Delegate: dsahern@gmail.com Received: from smtpbgbr1.qq.com (smtpbgbr1.qq.com [54.207.19.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C1443182BD for ; Sat, 5 Apr 2025 09:42:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=54.207.19.206 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743846166; cv=none; b=JxW11r03vsEWU+Gr3T84u6Jj2PMej0C3mCLlQoxd9bzMZLq3YuR9RnZ7vBX/p6ZMAxEcljzjRu/p4BdNjO29ohX/Kn1qM9p0Ak8iM73gmeTQiBUXQ8KYqS7Q/LCP1j2AAOZflfr8uC8QLLCwpgbvfxmFBYSm8XHPuHtuA2xTBhM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1743846166; c=relaxed/simple; bh=myKyg44a+bK7krurUEhT3xCtmuqwyY81relxdAHi7S4=; h=From:To:Subject:Mime-Version:Content-Type:Date:Message-ID; b=FdhDoZQCWQK4BrWFBadbnHZzngg59e2g7dPnutDo+wbGhQQA5qDfDzjGpGL0mD/jm7A4m3K1eLNl9CYkQimvApLDGjcftDuUv6CzuXhv7L7t5todEZ3haeb7FledKva/sVwdV+rNiK0O3q9l+LPMsRstDbPuKy32l6HDUKFs0eE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=m.fudan.edu.cn; spf=pass smtp.mailfrom=m.fudan.edu.cn; dkim=pass (1024-bit key) header.d=m.fudan.edu.cn header.i=@m.fudan.edu.cn header.b=qSchAhGo; arc=none smtp.client-ip=54.207.19.206 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=m.fudan.edu.cn Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=m.fudan.edu.cn Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=m.fudan.edu.cn header.i=@m.fudan.edu.cn header.b="qSchAhGo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=m.fudan.edu.cn; s=sorc2401; t=1743846144; bh=myKyg44a+bK7krurUEhT3xCtmuqwyY81relxdAHi7S4=; h=From:To:Subject:Mime-Version:Date:Message-ID; b=qSchAhGo4vC8pV1gsA55weCDv5N97e/mRm8nudoFdKvXMxl4Hn4tmEar2DV2NaKQa aTsaYeIANNSzWjmzZJAQ5rOnGl6QUBUJi2xnbZ6flzkdBDeyF+COjErdoyu4g5VVgy rLhUhz6YWaADnoBE9Nwi42IfVevBDNDkh9ARyKOs= EX-QQ-RecipientCnt: 1 X-QQ-GoodBg: 2 X-QQ-SSF: 0040000000000020 X-QQ-FEAT: D4aqtcRDiqQFpFrNiEiZtotk1n6/lCfLiWO7v6wJmw0= X-QQ-BUSINESS-ORIGIN: 2 X-QQ-Originating-IP: twyt6EXctAzSjlXeoUn2GQVW9b8KIHgnYuYG0dPssVg= X-QQ-STYLE: X-QQ-mid: v3sz3a-3t1743846141t4361705 From: " =?utf-8?b?5p2O5a2Q5aWl?= " <23110240084@m.fudan.edu.cn> To: " =?utf-8?q?netdev?= " Subject: [PATCH iproute2] nstat: Fix NULL Pointer Dereference Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Date: Sat, 5 Apr 2025 17:42:20 +0800 X-Priority: 3 Message-ID: X-QQ-MIME: TCMime 1.0 by Tencent X-Mailer: QQMail 2.x X-QQ-Mailer: QQMail 2.x X-BIZMAIL-ID: 291444768225239704 X-QQ-SENDSIZE: 520 Received: from qq.com (unknown [127.0.0.1]) by smtp.qq.com (ESMTP) with SMTP id ; Sat, 05 Apr 2025 17:42:22 +0800 (CST) Feedback-ID: v:m.fudan.edu.cn:qybglogicsvrgz:qybglogicsvrgz8a-0 X-QQ-XMAILINFO: ORuEwgb9eurkygiX/12nK3JFaEOnU4W8nrbgSc5cyhB0ex5btEokqOUe DJ4oH31h4Tq8Eus6NiGdh/gbE+KKcqEG0/wsIfiBeOBJkhxQM0LzzDOdBmLnxGzrCGItNdO yWLSnt35zoA2un9CTDhcGRLIN6vobeZb0BWJD0Hg0A/fnfOn82vQvbPP2E6ffK2urvNZGOS KURwYZgk3YxHxUZG93/9zVwc81c3Gemi4ZGIkkqWH5c6fMkEWcP31csq2b6iXx78ZfXOnph TdteKZnTPjHS15qGgiuvzBnhb6QbLEhQFQiNL2bDyTJrX3DAMblZJ/WtxJVDOA2IAgYzJHw IrxbHT4y16udSoHC7C6sUtIos0o+fYh5/JnEXCsakGybMHluFQ49Fyj5IfFyqiFGR9yA1OI Nkzb/VrwsYfkwBmM5r7wObE39MetvRvbuenVBBEqggL4BqXOfmba+xZynYQjKjLfVRhw3Ae MxtwzzN/uB7eowJZ1c/rd1PWqDZaiwlxD39tvg9fp6aYYqWBVQBHyjbQaNGm7GleVliAvOk 2ELrbKmB1xynQQOu3A/bH4ikNSTh9rWdwx9S7+VnvH+CMHc/acoaGRp6ssPuo7nWlgrnHmb GjQAWOPmd2PJHaJtvyRzgG2lPeY/kPchyUz7XYIHmhhSV9mmf8w48z9Qb1UkSs+fTh6YUuj 8YC2p8nwkLfYHC5vIJq724fRuOY8WZOuCbjtwUsaj/Hgc2eb7eR0VPu+Lj0veP2bn1Lurzr qM3LsLkY7kcj1PcbUTuEKeb3XpNUZyJtX703ZvWIZxu+cWix7p9EzFwq1dKeBy19eAfXna5 kTSOmNRJdzWg4JmWKIjx0pPmjTdlAYqSVUHc10/Ou6B46fm6flBJX/ZC5pJNOq1ep+khRtC OpLbgFSNJ1vA2KIf4T5GRK5HkRkJIyjVIvDUNdUAwOV3m8oBDYVrsaAsUYKCx49drfrMw1G AKz4fj/lAOUUUxw== X-QQ-XMRINFO: Nq+8W0+stu50PRdwbJxPCL0= X-QQ-RECHKSPAM: 0 X-Patchwork-Delegate: dsahern@gmail.com The vulnerability happens in load_ugly_table(), misc/nstat.c, in the latest version of iproute2. The vulnerability can be triggered by: 1. db is set to NULL at struct nstat_ent *db = NULL; 2. n is set to NULL at n = db; 3. NULL dereference of variable n happens at sscanf(p+1, "%llu", &n->val) != 1 Subject: [PATCH] Fix Null Dereference when no entries are specified Signed-off-by: Ziao Li --- misc/nstat.c | 4 ++++ 1 file changed, 4 insertions(+) -- 2.34.1 diff --git a/misc/nstat.c b/misc/nstat.c index fce3e9c1..b2e19bde 100644 --- a/misc/nstat.c +++ b/misc/nstat.c @@ -218,6 +218,10 @@ static void load_ugly_table(FILE *fp) p = next; } n = db; + if (n == NULL) { + fprintf(stderr, "Error: Invalid input – line has ':' but no entries. Add values after ':'.\n"); + exit(-2); + } nread = getline(&buf, &buflen, fp); if (nread == -1) { fprintf(stderr, "%s:%d: error parsing history file\n",